// Resolves the origin country of every queued IP address and reports one event per newly seen address.
// Runs on a separate thread and never returns.
// NOTE(review): the counter and the "banned" remark suggest GetCountry queries an external service; if so,
// every observed address is disclosed to that service - confirm this is acceptable for the deployment.
// NOTE(review): an exception escaping GetCountry or ParseData would end this loop, and country events would
// stop being produced - confirm that both handle their own failures.
private void CheckCountries()
{
    // number of lookups performed since the last rate-limit pause
    int lookupsInWindow = 0;

    for (;;)
    {
        // nothing queued: poll again in five seconds
        if (ips_to_be_checked.Count == 0)
        {
            Thread.Sleep(5000);
            continue;
        }

        string ip = ips_to_be_checked.Take();

        // an address that already has a recorded country is not looked up again
        if (checked_ips.ContainsKey(ip))
        {
            continue;
        }

        string country = GetCountry(ip);
        lookupsInWindow++;
        checked_ips.Add(ip, country);

        // report the address together with the country it resolved to
        Event countryEvent = new SEvent(
            42,
            DateTime.Now,
            "communication with country X",
            "network",
            EventType.SINGLE,
            new string[] { "IP", "Country" },
            new string[] { ip, country });
        ParseData(countryEvent);

        // after 100 lookups pause for a minute so the lookup service does not ban us
        if (lookupsInWindow == 100)
        {
            Thread.Sleep(60000);
            lookupsInWindow = 0;
        }
    }
}
// Builds the SEvent (id 40, "local Network usage") that describes one FullSocketData record.
// fsd: the socket record to convert; its pname is also passed as the fourth constructor argument.
// Returns the newly created SEvent, stamped with the local time of the conversion.
private SEvent FSDToEvent(FullSocketData fsd)
{
    DateTime stamp = DateTime.Now;

    // field names and field values are parallel arrays: values[i] belongs to names[i]
    string[] fieldNames =
    {
        "pname", "pid", "local_port", "server", "server_port",
        "transport_protocol", "protocol", "sent", "received", "packets_counter"
    };
    string[] fieldValues =
    {
        fsd.pname,
        fsd.pid.ToString(),
        fsd.localPort.ToString(),
        fsd.server,
        fsd.serverPort.ToString(),
        fsd.tprotocol,
        fsd.protocol.ToString(),
        fsd.sent.ToString(),
        fsd.received.ToString(),
        fsd.packetCount.ToString()
    };

    return new SEvent(40, stamp, "local Network usage", fsd.pname, EventType.SINGLE, fieldNames, fieldValues);
}
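// Shows the details of the alert behind the double-clicked grid row in a message box.
// sender: the control raising the event (not used).
// e: identifies the clicked cell; only its RowIndex is read.
private void alertsDataGrid_CellDoubleClick(object sender, DataGridViewCellEventArgs e)
{
    // A double-click on a column header reports RowIndex -1; there is no alert behind it,
    // and indexing alerts with it would throw.
    if (e.RowIndex < 0)
    {
        return;
    }

    Event ev = alerts[e.RowIndex].e;

    // the event type decides which concrete class the event is cast to before it is rendered
    if (ev.et == EventType.SINGLE)
    {
        SEvent se = (SEvent)ev;
        MessageBox.Show(se.ToString());
    }
    else
    {
        MEvent me = (MEvent)ev;
        MessageBox.Show(me.ToString());
    }
}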
// Thread callback that samples one performance counter in an endless loop and hands every sample to ParseData.
// o: a List<PerformanceCounter> with one entry for a single-instance counter, or one entry per instance.
// Lists with ten or more instances do not sleep between rounds: reading them already takes long enough
// that data cannot be sent faster than about once per second anyway.
void FetchCounter(object o)
{
    List<PerformanceCounter> instances = (List<PerformanceCounter>)o;

    for (;;)
    {
        DateTime sampledAt = DateTime.Now;
        PerformanceCounter first = instances[0];

        // find the event id and description registered for this category/counter pair
        // NOTE(review): FirstOrDefault yields the default value when nothing matches; if CounterData is a
        // reference type the two reads below would throw and end this thread - confirm every sampled
        // counter has an entry in counters.
        CounterData meta = counters.Cast<CounterData>()
            .Where(cd => cd.CategoryName == first.CategoryName && cd.CounterName == first.CounterName)
            .FirstOrDefault();
        int id = meta.id;
        string description = meta.description;

        if (instances.Count == 1)
        {
            // single-instance: one SEvent, negative readings are clamped to 0
            int reading = Math.Max(0, (int)Math.Round(first.NextValue()));
            ParseData(new SEvent(
                id,
                sampledAt,
                description,
                "global",
                EventType.SINGLE,
                new string[] { "value" },
                new string[] { reading.ToString() }));
            Thread.Sleep(samplingTime);
        }

        if (instances.Count > 1)
        {
            // multi-instance: one SEvent per instance, bundled into a single MEvent
            SEvent[] perInstance = new SEvent[instances.Count];
            int slot = 0;

            foreach (PerformanceCounter counter in instances)
            {
                string instanceName = counter.InstanceName;
                int reading;

                try
                {
                    reading = Math.Max(0, (int)Math.Round(counter.NextValue()));
                }
                catch
                {
                    // a failed read is reported as -1; valid readings are never negative because of the clamp
                    // NOTE(review): the cause of the failure is discarded here
                    reading = -1;
                }

                perInstance[slot] = new SEvent(
                    id,
                    sampledAt,
                    description,
                    instanceName,
                    EventType.SINGLE,
                    new string[] { "value" },
                    new string[] { reading.ToString() });
                slot++;
            }

            ParseData(new MEvent(id, sampledAt, description, EventType.MULTIPLE, perInstance.Length, perInstance));

            // big multi-instance counters skip the pause
            if (instances.Count < 10)
            {
                Thread.Sleep(samplingTime);
            }
        }
    }
}